Resubmissions

27-11-2024 08:55

241127-kvn92stkar 10

27-11-2024 05:48

241127-ghggwszqes 10

Analysis

  • max time kernel
    3s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
  • submitted
    27-11-2024 05:48

General

  • Target

    样本/Linux/sh恶意脚本/E4CC1A7F992909E8509520FDD6C9A3F7

  • Size

    2KB

  • MD5

    e4cc1a7f992909e8509520fdd6c9a3f7

  • SHA1

    2978a46c0be87a65e4371c0682329fbda7f631b0

  • SHA256

    5b6783965bcab2350aa9559c6f4c08fe44d7ae764ac8fbdcb7722056a2b000d3

  • SHA512

    20e14b888f90e5f5ee3c560326f16be46dfded9cf992a8436295d0318c41336109cc9750e9f3b9e5461cd95fc226da9619af0b65fdcf9093c289df983cb5040b

Score
6/10

Malware Config

Signatures

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information (64 IoCs)

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery (1 TTP, 1 IoC)

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/样本/Linux/sh恶意脚本/E4CC1A7F992909E8509520FDD6C9A3F7
    /tmp/样本/Linux/sh恶意脚本/E4CC1A7F992909E8509520FDD6C9A3F7
    1⤵
    PID:715
    • /bin/grep
      grep Gentoo
      2⤵
      PID:719
    • /bin/cat
      cat /etc/issue
      2⤵
      PID:722
    • /bin/grep
      grep Gentoo
      2⤵
      PID:723
    • /usr/bin/killall
      killall -9 aegis_cli
      2⤵
      • Reads runtime system information
      PID:727
    • /usr/bin/killall
      killall -9 aegis_update
      2⤵
      • Reads runtime system information
      PID:728
    • /usr/bin/killall
      killall -9 AliYunDun
      2⤵
      • Reads runtime system information
      PID:729
    • /usr/bin/killall
      killall -9 AliHids
      2⤵
      • Reads runtime system information
      PID:730
    • /usr/bin/killall
      killall -9 AliHips
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      PID:731
    • /usr/bin/killall
      killall -9 AliYunDunUpdate
      2⤵
      • Reads runtime system information
      PID:732

Network

MITRE ATT&CK Enterprise v15

Downloads